const Router = require("koa-router");
const router = new Router();
const { returnMsg, queryFn, jwtVerify } = require("../../utils");

router.get("/", async (ctx) => {
  //获取前端请求头携带过来的token
  let token = ctx.request.headers["cms-token"];
  //鉴权
  if (!jwtVerify(token)) {
    ctx.body = returnMsg(2, "查询用户信息失败", "token过期或该用户不存在");
    return;
  }
  //去数据库读取所有用户
  let sql = `SELECT * FROM cms_user`;
  let result = await queryFn(sql);
  ctx.body = returnMsg(0, "列表请求成功", result);
});

//修改编辑权限
router.post("/", async (ctx) => {
  let token = ctx.request.headers["cms-token"];
  //鉴权
  if (!jwtVerify(token)) {
    ctx.body = returnMsg(2, "查询用户信息失败", "token过期或该用户不存在");
    return;
  }
  //鉴权成功：修改数据库中对应的字段
  //   开通编辑权限,open传1,关闭编辑权限,open传0
  let { id, open } = ctx.request.body;
  if (!id || open === "" || open == null) {
    ctx.body = returnMsg(1, "参数错误");
    return;
  }

  //有id传过来
  let sql1 = `SELECT editable FROM cms_user WHERE id=${id}`;
  let result1 = await queryFn(sql1);
  //如果这个用户已经有了编辑权限
  if (result1[0].editable === 1 && open === 1) {
    //同时前端还想开通它的编辑权限
    ctx.body = returnMsg(2, "该用户已有编辑权限");
    return;
  }
  //·如果这个用户本来就没有编辑权限
  if (result1[0].editable === 0 && open === 0) {
    //·同时前端还想开通它的编辑权限
    ctx.body = returnMsg(2, "该用户未有编辑权限");
    return;
  }
  //修改用户编辑权限
  let sql2 = `UPDATE cms_user SET editable=${open}  WHERE id=${id}`;
  await queryFn(sql2);
  ctx.body = returnMsg(0, "用户编辑权限修改成功");
});

module.exports = router;
